Bank Account Encryption Should Encrypt The Bank Account In IBY_PAYMENTS_ALL (Doc ID 1593797.1)

Last updated on JULY 28, 2020

Applies to:

Goal

When electronic payments are made the bank account the payment is deposited to is saved on iby_payments_all and ap_checks_all tables. If a supplier questions a payment, users can identify the bank account that the payment was deposited to with certainty.

Encryption on IBY_PAYMENTS_ALL for bank accounts.
This issue is a data integrity problem because the information about the payment is being lost.  When encryption is off, the system properly saves the bank account the payment was made to.  It appears to be a design flaw and an unintended side effect that when encryption is turned on, the bank account the payment was made to is not being saved.  The loss of such critical data as the bank account the payment was made to cannot be intended functionality.

Currently all the information about a payment is kept on IBY_PAYMENTS_ALL.  The information saved includes the payee name and address, the payer name and address, the messages printed on the check if it is a check, payment request information, etc.  This information is saved so organizations can say with certainty to whom and how a payment was made.  The organization needs to be able to prove beyond a reasonable doubt that the payer made the payment to the payee, including the bank accounts that electronic payment was sent to and from.  When bank account encryption is turned off, the bank account the payment is sent to is saved on IBY_PAYMENTS_ALL and can be viewed in payment details.  However when bank account encryption is turned on, the payee bank account is not saved and the paying organizations loses the ability to say beyond a reasonable doubt to which bank account the payment was made. This means the organization is forced to maintain this data separately from the system to respond to inquiries and claims of non-payment.  The system should maintain the bank account data the same whether bank account encryption is on or off, so that it can be retrieved to prove that a payment was made and to whom and to what bank account.

 

This situation is made worse by the fact that the masked bank account that is displayed when encryption is turned can be incorrect.  If the bank account is updated after the payment is made the system will display the masked updated bank account.  It should always display the account the payment was actually made to.  

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.